The days of a branch office relying on a fixed MPLS connection to backhaul all internet traffic, data, and workflows back to the core network are over. To compete in today’s digital economy, branch offices need to be an integral part of the network, rather than functioning as an add-on attached through some dangling WAN connection.
Instead, organizations need next-gen offices that can utilize cloud-based resources and global collaboration applications, such as VoIP and videoconferencing, which require highly scalable bandwidth. Traditionally, this was provided with MPLS, but because today’s networks, cloud-based resources, and data are constantly shifting and relocating, they have rendered those traditional, rigid connections obsolete.
In fact, as the datacenter becomes increasingly virtualized and distributed, workers and resources become more mobile, and edge computing further redistributes resources, the strategy of having a core network that functions as a hub for multiple branch office spokes is collapsing. It is being replaced with a meshed network that blends together network edge environments: cloud platforms and applications, mobile users and smart devices, IoT, 5G and edge computing, and the new WAN edge.
For the SD-Branch to realize its potential, it needs real-time access to data and resources, wherever they are located. It also needs to use critical business applications that require reliable, high-performance bandwidth and that can be seamlessly interconnected to other offices and users, including mobile workers.
SD-WAN uses the public internet to securely interconnect branch offices with distributed resources while ensuring high performance for latency-sensitive and business-critical applications. However, SD-WAN is much more than a connectivity replacement. SD-WAN also needs to seamlessly interconnect with local branch functions. The SD-Branch combines software-defined networking and virtualization with local access to internet and cloud resources, as well as LAN/Wi-Fi functions for local devices, to enable digital transformation to the WAN edge.
An effective SD-WAN solution supports these capabilities through flexible and reliable connectivity, the extension of advanced routing functionality and load-balancing across the organization’s meshed VPN overlay, as well as providing a full suite of integrated security that can secure data and transactions end to end.
As the potential attack surface grows, opportunities for breach, data loss, and compromised information come with every new device, application, and connection. This is why SD-WAN experts and industry analysts have emphasized that an optimal enterprise SD-WAN solution needs to not only support WAN performance requirements, but also address security priorities. However, a consistent critical SD-WAN challenge has been the inability of most solutions on the market to establish an effective and consistent security strategy that can dynamically span and adapt to the demands of digital transformation.
This leaves many organizations attempting to build an ad hoc security solution using the legacy security tools they already have in place. But the increased performance demands of today’s digital networks, compounded by the distributed nature of network resources, undermine the effectiveness of traditional cybersecurity tools. Security tools that struggle to keep up with today’s increasing speed and bandwidth requirements are unlikely to provide the protection digital networks require without becoming a serious bottleneck.
The challenge is that because SD-WAN has become such a hot market, a large number of vendors have jumped into the market. And as with other early markets, many of these solutions fail to provide a full solution. Organizations looking to adopt an SD-WAN solution as part of their digital transformation strategy need to consider four critical elements when evaluating a solution:
Organizations can no longer afford for their networks to function as a collection of isolated segments, which means that all networking and security functions need to exist on the same pane-of-glass management solution. Selecting an SD-WAN solution that supports centralized management, configuration, and monitoring tools for both WAN and security solutions increases management efficiency and effectiveness while significantly reducing the cost of deployment and management. And that management strategy then needs to extend to the rest of the distributed network.
The digital transformation of business needs to occur without a disproportionate expansion of the global cybersecurity attack surface. This can only happen if we see our network and security systems as a single, holistic solution. SD-WAN solutions for the expanding WAN edge, like solutions being applied at any of the other emerging network edge environments, need to not only provide broad flexibility and high performance functionality and services, but also operate as part of a collective whole. And as organizations work toward deploying a comprehensive digital transformation, correlating network and security intelligence must be a top priority, because cybercriminals are just as motivated to take advantage of these network environments as the organizations that are building them.